Blockchain: The requirement for privilege controls in a distributed ledger

There have been endless conversations about how it will grow to become a favoured method for how we conduct, secure, verify and record online transactions without a middle man – as we have already seen with the handling of Bitcoin and other cryptocurrencies.

Recent research revealed the size of the global blockchain technology market will reach US$7.59 billion by 2024 – that’s a 37.2 percent compound annual growth rate during the forecast period.

While countries like Estonia that are leading the way with an increasing number of government services opting to use blockchain to carry out transactions, the technology remains in comparative infancy in Australia.

Perhaps the uncertainty around how to best secure blockchain explains why the Australian government’s Digital Transformation Agency recently declared that, while it finds the technology interesting, it has not yet identified how blockchain can deliver better value for government services.

The benefits of blockchain have been publicly lauded. However, like any technology, it has its downfalls.

The ubiquity of blockchain and cryptocurrencies has cultivated a new breed of malware known as crypto miner, which takes over a computer’s resources and uses compute power for illicit cryptocurrency mining. The server, application, and ledger processes can be attacked, and cyber criminals can tamper with the blockchain. Successful exploits can result in identity theft, where attackers are able to impersonate an authenticated user to access sensitive data.

Cryptocurrency exchange firm Coincheck revealed it had fallen victim to a crypto miner attack earlier this year. The Japan-based company estimated it lost more than US$500 million worth of bitcoin.

The Coincheck attack was widely reported because of its scale, but other cases have flown under the radar. Trend Micro reported that between January and July 2018, crypto mining attacks increased by nearly 1,000 percent compared to the second half of 2017.

In most of these cases, cyber criminals have been rushing to exploit a new cryptocurrency, called Monero, an open source, peer-to-peer cryptocurrency known for its anonymous and decentralised features. It’s not the anonymity of Monero (A.K.A. “privacy coin”) that has attracted cyber criminals. The interest lies in the proof-of-work algorithm – CryptoNight – that secures its blockchain system, validates new transactions and propagates them through networks.

With the rise in crypto mining, malware monetisation techniques such as ransomware have fallen by the wayside. The ability to easily convert electricity and access to computer hardware into money – in most cases without the user even realising – has become increasingly attractive for hackers worldwide.

Now, it’s worth emphasising that blockchain itself is safe. The weakness of blockchain lies with the endpoints – where the technology interacts with unsafe, or less safe, environments. These environments often rely on standard IT infrastructure that use servers and databases, where better known IT risks are inherent.

To stay protected against these vulnerabilities, companies need to rethink how they lock down their endpoints. Firewalls and antivirus software no longer suffice. Businesses need to authenticate and record individual access into the blockchain environment to avoid fraudulent activity, and secure against privileged attacks that can compromise or tamper with the ledger.

By having better control and more effective oversight over the entire IT environment – including IT administration, privileges and monitoring – businesses will have a greater understanding of both legitimate and suspicious activity.

Endpoint behavioural analytics is an emerging technology that allows businesses to analyse and identify unusual activity. This kind of analysis can help mitigate security risk, as businesses will be able to proactively lock down accounts with suspicious activity.

Keeping endpoints flexible for the end-user without compromising security can be a fine balance. Containments and certain security policies can be added so that an application can still run if it’s accessed by a trusted user, but cannot be accessed by an attacker when suspicious activity is detected.

Blockchain can offer great potential. But before businesses get caught up in taking advantage of its features, they need to ensure the endpoints the technology interacts with are secured to avoid any possible attacks.